
Summary
This detection rule identifies use of the Impact Solutions phishing-as-a-service (PhaaS) platform by analyzing email attachments and the links in message bodies. It focuses on the Impact Vector Suite, a platform known for stealthy payload delivery in phishing attacks, particularly credential harvesting. The rule examines HTML attachments for characteristics indicating that they host harmful scripts or links associated with the PhaaS. It also inspects links in the email body for patterns that signal the presence of this service, including specific URL paths and port numbers related to the Impact Solutions system. Identifying these indicators helps mitigate the risk of credential phishing attacks that leverage this platform.
Categories
- Web
- Identity Management
- Cloud
Data Sources
- File
- Application Log
Created: 2025-12-09